This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

What's your experience with 6.0.x?

We started configuring an HA pair of 5020's on 6.0.3. We have yet to pass any traffic through it. I would like to get feedback on real world Palo Alto firewalls that are running 6.0.x and how stable/unstable they are.I did read one thread where a few customers are having HA issues but we have yet tp experience those issues.Thank You

jambulo by L4 Transporter
  • 8726 Views
  • 11 replies
  • 1 Likes

How to identify unused objects?

Hi All,Is it possible to identify unused objects,.? eg: address, address group, app group etcWe are using PS2050 which is taking too much time for commit ( arroung 30 minutes) so i want to remove unused objects from the device which may helps to improve commitwe have more than 700 objects defined and about 220 policies it is very difficult to id...

Gururaj by L4 Transporter
  • 7663 Views
  • 5 replies
  • 0 Likes

Resolved! Apple MAC's and User-ID

We recently implemented a pair of PA-3020 in an Active/Passive cluster.I have been working on USER-ID, but have an issue. There are about 2500 Apple MAC computerson site. They are binded to AD , even if an AD user uses logs in to an Apple MAC there are no MS events in the security logs to forward to the User-ID agent. Most all of the Apple Mac’s...

UA_MC by L1 Bithead
  • 14642 Views
  • 4 replies
  • 1 Likes

XML API: Meaning of cpu load-average / load-maximum values

Hello,first of all I am new to Palo Alto Firewalls and I`m highly impressed about the xml api which comes with palo alto. very cool and useful stuff! It took me just a couple of hours to fulfill some management requirements on reporting. Now I want to go on and create a monitoring script, which checks the cpu-cores for "long-time high-utilizatio...

InetRIT by L1 Bithead
  • 5046 Views
  • 2 replies
  • 0 Likes

PAN-VM HA Link Group Monitoring Issue

Hi,I have a pair of PAN-VM in active/passive mode and configured link group monitoring with four member ports and when I disconnect one of the ports from vSphere the failover happens quickly and marks the node as "non-functional (Link down)" but when I connect back the port the status does not change and failback not happening unless I remove th...

Question on QOS

QOS is something I am looking to start using for a few things but I just had a couple of questions about it.So firstly, I can set a QOS rule and assign a class. I know I can create profiles on the class, but lets just say I use the default classes that are setup. If I create a rule saying that a particular range of IP's going through my internet...

JRussell by L3 Networker
  • 6392 Views
  • 9 replies
  • 0 Likes

Captive Portal; User loosing internet access

Hello,A user is complaining that he is losing internet access randomly through the day. After he refresh the web browser a couple of times or logs off he is able to access the web. The error he gets is a generic IE 10 error, "This page can't be displayed" etc... When I looked at the firewall, Logs -> Traffic, I notice under the "Source User"...

Global Protect + LDAP + Cert Auth = Auth Fail AND Auth Success

Is anyone else running this setup...Global Protect VPN(iPads specifically) using LDAP(Active Directory) AND client certificate for authentication....if you are, have you noticed in the System logs, when a user authenticates to Global Protect the PA logs one or two Auth Fails followed by an Auth Success?Our users are not noticing anything on thei...

jambulo by L4 Transporter
  • 3309 Views
  • 3 replies
  • 0 Likes

Resolved! SMTP long MAIL anomaly Vulnerability(30392)

The description says "This signature detects an anomaly in SMTP protocol. It would trigger when anoverlong mail command argument is passed to MAIL command."Can anyone elaborate on this definition or know where I can access more detailed information about this threat ID?Thanks !!!!!

Resolved! IPSec-ESP No matching record

The last few weeks I have noticed a large amount of traffic on the Network Monitor coming from IPSec-ESP. I moved several VPN tunnels off our old WatchGuard to our Palo Alto PA-3020 around the time this started. When I click on the application itself to filter it I see that it cannot identify anything about the traffic. Is this normal? Shoul...

ClintL by L2 Linker
  • 11082 Views
  • 15 replies
  • 0 Likes

Encrypted Traffic over the Palo Alto

We have site to site VPN (both side PA) in our network, I want to send some encrypted traffic over the tunnel , How the palo alto will decide the encrypted traffic not to be scanned (threats) and filtering rule also not applied for the those traffic. Please suggest.

tiwara by L3 Networker
  • 5733 Views
  • 4 replies
  • 0 Likes

Fan RPM defaults for a 3020

I recently purchased a PA-3020 and just fired it up for the first time. The first thing I have noticed is how loud this device is. It is almost deafening and can be heard in the hallways behind a door in my server room. Is this typical behavior? I check the fan RPM speeds and all four are registering around 14k. I called support but they st...

rayb by Not applicable
  • 3874 Views
  • 2 replies
  • 0 Likes

Dual ISP

My main PA is configured for dual ISP's and I am going to put third party certs for my global protect clients. Do I put two certs on? One for each ISP?

infotech by L4 Transporter
  • 8008 Views
  • 17 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks